Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenRSAKeyPair
func GenRSAKeyPair() (*RSAPrivateKey, *RSAPublicKey)
GenRSAKeyPair generates an RSA keypair from a cryptographically secure source. Returns nil if the facilities are unavailable at runtime.
Types
type PubKeyStore
type PubKeyStore interface {
	Store(*RSAPublicKey)
	Retrieve(string) *RSAPublicKey
}
PubKeyStore defines the common interface for retrieving and storing public keys.
type PublicKeybase
type PublicKeybase struct {
// contains filtered or unexported fields
}
PublicKeybase is a concrete public key store.
func (*PublicKeybase) Retrieve
func (p *PublicKeybase) Retrieve(keyIdentifier string) *RSAPublicKey
Retrieve returns the public key specified by its SHA256 identifier, or nil if it does not exist.
func (*PublicKeybase) Store
func (p *PublicKeybase) Store(pub *RSAPublicKey)
Store records the supplied public key regardless of prior existence.
type RSAPrivateKey
type RSAPrivateKey struct {
// contains filtered or unexported fields
}
RSAPrivateKey represents a private 2048-bit RSA key in both byte form and usable form. Bytes are ASN.1 DER.
func ReadPrivateKey
func ReadPrivateKey(inPath string) (*RSAPrivateKey, error)
ReadPrivateKey parses an RSA private key from the target location. Returns an error on failure.
func (*RSAPrivateKey) Save
func (p *RSAPrivateKey) Save(outPath string) error
Save the private key to a target path.
type RSAPublicKey
type RSAPublicKey struct {
// contains filtered or unexported fields
}
RSAPublicKey represents an RSA public key in both byte form and usable form. Bytes are PKIX.
func ReadPublicKey
func ReadPublicKey(inPath string) (*RSAPublicKey, error)
ReadPublicKey parses an RSA public key from the target location. Returns an error on failure.
func (*RSAPublicKey) Fingerprint
func (p *RSAPublicKey) Fingerprint() string
Fingerprint returns the RSA public key fingerprint commonly used to identify public keys. MD5 is used for legacy compatibility.
func (*RSAPublicKey) Identifier
func (p *RSAPublicKey) Identifier() string
Identifier generates a more modern (SHA256) hash of the public key for cross-server identification.
func (*RSAPublicKey) Save
func (p *RSAPublicKey) Save(outPath string) error
Save the public key to a target path. Returns an error on failure.
type S2SData
type S2SData struct {
	SourceIdentifier      string
	DestinationIdentifier string
	EncryptedKey          []byte
	ProxyPayload          []byte
	PayloadNonce          []byte
	PayloadSignature      []byte
}
S2SData carries the encrypted payload, the cipher information needed to decrypt it, and a signature from the source server, intended for protocol-transparent transmission.
type S2SDataGenerator
type S2SDataGenerator struct {
// contains filtered or unexported fields
}
S2SDataGenerator creates S2SData values by encrypting payloads with the target server's public key and signing them.
func (*S2SDataGenerator) DecryptAndVerify
func (g *S2SDataGenerator) DecryptAndVerify(packedPayload *S2SData) ([]byte, *net.IPAddr, int, error)
DecryptAndVerify decrypts a payload and verifies its signature against the source. Returns nils and an error if the source public key does not match the signature; otherwise returns the decrypted payload, remote IP and protocol ID.
func (*S2SDataGenerator) EncryptAndSign
func (g *S2SDataGenerator) EncryptAndSign(payload []byte, dest string, ip net.IPAddr, protoID int) *S2SData
EncryptAndSign encrypts a payload for the given destination server identifier, with a specific protocol ID and remote IP address. Returns nil on an invalid destination or a signing error. Encryption uses RSA-OAEP; the signature uses RSA-PSS.
type S2SPayload
S2SPayload holds the original Layer 4 information, along with the remote IP address and an ID to identify the supported protocol.
func (S2SPayload) Marshal
func (s S2SPayload) Marshal() ([]byte, error)
Marshal encodes a server-to-server payload into serialised bytes.
func (*S2SPayload) Unmarshal
func (s *S2SPayload) Unmarshal(source []byte) error
Unmarshal decodes the serialised bytes into a server-to-server payload.